[Bug 202664] mergemaster as unprivileged user dumps master.passwd into /var/tmp/temproot

Wed Aug 26 04:10:53 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202664

Chris Petrik <chris at bsdjunk.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chris at bsdjunk.com

--- Comment #1 from Chris Petrik <chris at bsdjunk.com> ---
I think it uses /usr/src/etc/* as base and then it diffs all that to the system
etc, not the actual one installed in /etc/ so I don't think there's any threat.

if you have a look at /usr/src/etc/ you will see a generic master.passwd which
should be the same one youre looking at. a normal user has no access to
/etc/master.passwd

-rw-------  1 root  wheel  2612 Aug 24 03:06 /etc/master.passwd

-rw-r--r--  1 root  wheel  1640 Aug 18 12:26 /usr/src/etc/master.passwd

-- 
You are receiving this mail because:
You are the assignee for the bug.